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[57] ABSTRACT 

A cryptographic framework consists of four basic service 
elements that include a national flag card, a cryptographic 
unit, a host system, and a network security server. Three of 
the four service elements have a fundamentally hierarchical 
relationship. The National Flag Card (NFC) is installed into 
the Cryptographic Unit (CU) which, in turn, is installed into 
a Host System (HS). Cryptographic functions on the Host 
System cannot be executed without a Cryptographic Unit, 
which itself requires the presence of a valid National Flag 
Card before it's services are available. The fourth service 
element, a Network Security Server (NSS), can provide a 
range of different security services including verification of 
the other three service elements. The framework addresses 
national policies governing cryptography, where such poli- 
cies can be independently developed and maintained using 
a such a framework. Furthermore, the common service 
elements provide the necessary focus for establishing 
interoperability while reconciling these different National 
policies. 

25 Claims, 3 Drawing Sheets 
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INTERNATIONAL CRYPTOGRAPHY 
FRAMEWORK 

BACKGROUND OF THE INVENTION 

1. Technical Field 

The invention relates to cryptography. More particularly, 
the invention relates to an international cryptography frame- 
work. 

2. Description of the Prior Art 

Customers of large computer systems are typically mul- 
tinational corporations that want to purchase enterprise wide 
computer based solutions. The distributed nature of such 
organizations requires them to use public international com- 
munications services to transport data throughout their orga- 
nization. Naturally, they are concerned about the security of 
their communications and seek to use modern end-to-end 
cryptographic facilities to assure privacy and data integrity. 

The use of cryptography in communications is governed 
by national policy and unfortunately, national policies differ 
with respect to such use. Each national policy is developed 
independently, generally with a more national emphasis 
rather than international considerations. There are standards 
groups that are seeking to develop a common cryptographic 
algorithm suitable for international cryptography. However, 
the issue of international cryptographic standards is not a 
technical problem, but rather it is a political issue that has 
national sovereignty at its heart. As such, it is not realistic to 
expect the different national cryptography policies to come 
into alignment by a technical standardization process. 

The issue of national interests in cryptography is a par- 
ticular concern of companies that manufacture open- 
standards-based information technology products for a 
worldwide market. The market expects these products to be 
secure. Yet, more and more consumers of these products are 
themselves multinational and look to the manufacturers to 
help them resolve the international cryptography issues 
inhibiting their worldwide information technology develop- 
ment. The persistence of unresolved differences and export 
restrictions in national cryptography policies has an adverse 
impact on international market growth for secure open 
computing products. Thus, it would be helpful to provide an 
international framework that provides global information 
technology products featuring common security elements, 
while respecting the independent development of national 
cryptography policies. 

Nations have reasons for adopting policies that govern 
cryptography. Often these reasons have to do with law 
enforcement and national security issues. Within each coun- 
try there can be debates between the government and the 
people as to the rightness and acceptability of these policies. 
Rather than engage in these debates or try to forecast then- 
outcome, it is more practical to accept the sovereign right of 
each nation to establish an independent policy governing 
cryptography in communication. ' 

Policies governing national cryptography not only 
express the will of the people and government, but also 
embrace certain technologies that facilitate cryptography. 
Technology choice is certainly one area where standardiza- 
tion can play a role. However, as indicated earlier this is not 
solely a technical problem, such that selection of common 
cryptographic technologies alone can not resolve the 
national policy differences. Consequently, it would be useful 
to provide a common, accepted cryptography framework, 
wherein independent technology and policy choices can be 
made in a way that still enables international cryptographic 
communications consistent with these policies. 
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SUMMARY OF THE INVENTION 

The invention provides a four-part technology framework 
that supports international cryptography, which includes a 
national flag card, a cryptographic unit a host system, and 
a network security server. Three of the four service elements 
have a fundamentally hierarchical relationship. The National 
Flag Card (NFC) is installed into the Cryptographic Unit 
(CU) which, in turn, is installed into a Host System (HS). 
Cryptographic functions on the Host System cannot be 
executed without a Cryptographic Unit, which itself requires 
the presence of a valid National Flag Card before it's 
services are available. The fourth service element, a Net- 
work Security Server (NSS), can provide a range of different 
security services including verification of the other three 
service elements. 

The framework supports the design, implementation, and 
operational elements of any and all national policies, while 
unifying the design, development, and operation of inde- 
20 pendent national security policies. The invention thus gives 
standard form to the service elements of national security 
policies, where such service elements include such things as 
hardware form factors, communication protocols, and 
on-line and off-line data definitions. 

25 BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram of an international cryptography 
framework, including a national flag card, a cryptographic 
unit, a host system, and a network security server according 

30 to the invention; 

FIG. 2 is a perspective view showing the four basic 
elements of the framework, including a cryptographic unit 
and several national flag cards, a host system, and a national 
security server according to the invention; and 

35 FIG. 3 illustrates the message exchange paths, between an 
NFC and a CU, between a CU and an HS, and between an 
HS and an NSS. 

DETAILED DESCRIPTION OF THE 
INVENTION 

40 

National cryptography policy often varies by industry 
segment, political climate, and/or message function. This 
makes it difficult to assign one uniform policy across all 
industries for all time, consequently, the flexibility of a 

45 cryptography framework that incorporates a national flag 
card is very attractive. The invention is therefore directed to 
resolving problems surrounding international cryptography. 
It presents a framework that may be used to support the 
design and development of any national policy regarding 

so cryptography. 

The invention provides an international cryptography 
framework that has four service elements, each offering 
different types of services. FIG. 1 is a block diagram of the 
international cryptography framework 10, including a 

55 national flag card 12. a cryptographic unit 14. a host system 
16, and a network security server 18. Three of the four 
service elements have a fundamentally hierarchical relation- 
ship. The National Flag Card (NFC) is installed into the 
Cryptographic Unit (CU) which, in turn, is installed into a 

60 Host System (HS). Cryptographic functions on the Host 
System cannot be executed without a Cryptographic Unit, 
which itself requires the presence of a valid National Flag 
Card before it's services are available. The fourth service 
clement, a Network Security Server (NSS), provides a range 

65 of different security services including verification of the 
other three service elements, and thus acts as a trusted third 
party. 
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Messages enciypted using the proposed framework carry The CU preferably contains popular cryptographic 

an electronic stamp identifying the National cryptography algorithms, such as DES and RSA. However, these algo- 

policy under which the message was encrypted The Net- rithms would not be enabled without the presence of a valid 

work Security Server also provides stamp verification ser- NFC. This is a variation of the cryptography with a hole 

vices for message handling systems. 5 concept with a very controlled methodology and framework 

HG. 2 is a perspective view showing the four basic for mz Z thc holc * 

elements of the framework, including the cryptographic unit Although cryptographic techniques are not discussed in 

14 and several national flag cards 12, a host system 16. and herein > ^ere are more than a few solution method- 

a national security server 18. In the following sections each ol °g ies available. For example, the cryptographic commu- 

service element is discussed in greater detail, followed by a 10 nidations system described in U.S. Pat No. 4,405,829, 

series of examples to illustrate the interworking of the four commonly referred to as the RSA (ie. Rivest, Shamir, 

service elements in various embodiments of the invention. Adelman) cryptosystem, may be used in connection with the 

NATIONAL FLAG CARD (NFC). THe NFC 12 is a small ^don herein. In such a system, a public key P is made 

■ jnc.K \roAnoiZ±. ^ a • available for encryption of messages M, while an associated 

stamp sized (25x15 mm) ISO 7816-type smart card, i,e. a ^ The secret kev is reauired for 

one chip computer 26 having a non-volatile memory. Hie 15 ^l^y^sa es required lor 

NFC is mounted on a rigid substrate and sealed in a ecrypuono messages. 

tamper-proof package. The NFC is typically produced inde- . 10 Ae ,* SA cryptosystem, the public key is a pair of 

pendently and distributed by National agencies (e.g. United ^ e). and the secret key is also a pair of integers 

States Postal Service, German Bundespost). National agen- ^ d >' ™ e P ubhc ^ and secret ke ? m CTeated m an 

cies may also license NFC production and distribution to 20 RSA cryptosystem as follows: 

private industry. L Two pnmt numbers p and q are chosen. 

m . 1 i . . A 2 - The integer n used in the public and secret keys is given 

The action of the NFC service element is to enforce a ^ n=n>a 

Nation's policy governing the use of cryptography. An NFC 3 ^ constantphi(n)is calculated according to the equation 

is a complete computer that can be constructed as a multi- 2J phKnWo-lVa-l) 

chip architecture to include custom integrated circuits. It ^Theintegerusedin'thepubUckeyeischosentobeanodd 

also would include tamper resistance and unique identifica- ^ relatively ^ t0 m ^ 

tion features, making /^authorized entry or duplication 5 A yalue fa d h calcu i ated which is ^ multi pUcative 

impossible. For example, the NFC could be sealed in such tovene of e modulo w(n) 

a way that opening its package would destroy any integrated 3Q g ^ ^ to te encrypted h denoted by a number M 

circuit or data inside. The NFC could require receipt of an ^ ^ o<M^n 

encrypted _ authorization issued by the National Security ? Thc encrypted - es - gc is ^noted by the number C. also 

S o^ er ;^ SemCSS ° f ? C ™F pI ? u dEd Vla in *e range OgMgn, where C=M'(mod n). 

ISO 7816 message exchanged protocol between the NFC g xhc secret ^ s=(lli d) is used t0 ftc dphertext 

and other service elements. This format is identical to the 3J c because M^C^fmod n) 

smart card used in Europe to support GSM in cellular voice Thc RSA ^0^^ is sccurc tecause ^ k no casy 

services. wa y tQ ca j cu 2 ate tne secre t key S=(n, d) from the public key 

CRYPTOGRAPHIC UNIT (CU). The CU is a tamper- p=( n . e ). The easiest known way to determine d from n and 

resistant hardware component designed to provide protected e is to factor n. The security of the RSA cryptosystem rests 

cryptographic services under the strict control of an NFC. 40 in large part on the difficulty of factoring large integers. That 

CUs would be produced competitively by system vendors ^ the RSA public key cryptosystem is based on the dramatic 

and third parties and be free of import and export restric- difference between the ease of finding large prime numbers, 

dons. Because the CU includes critical elements of security an d the difficulty of factoring the product of two large prime 

such as encryption algorithms and keys, it is likely that it numbers. Thus, in the '829 patent it is stated that (t the 

would be certified (e,g. NEST, NCSC, or ITSEC Certified) 45 security of the system is dependent upon the ability to 

for customer assurance. It is a feature of this invention that determine p and q which are the prime factors of n. By 

the CU does not contain any governing policy other than its selecting p and q to be large primes, the resultant composite 

dependence upon a NFC. This component is preferably number n is also large, and correspondingly diflicult to 

designed for performance and protection with customization factor. For example, using known computer-implemented 

for a given Host System 50 factorization methods, on the order of 10 9 years is (sic) 

The CU may be offered in various formats, for example required to factor a 200 digit long number." 

as a PCMCIA card having a connector 20 that is adapted to See also, for example T. Cormen, C. Leiserson, R. Rivest, 

mate with a corresponding connector in the PCMCIA slot 28 Introduction to Algorithms, MIT Press/McGraw-Hill Book 

of a Host System, such as a personal computer. One pre- Co., 1991, pg. 831-837, 851-852, 995, and S. Garfinkel, 

ferred PCMCIA format is the GEMPLUS Smart PC Card, 55 PGP Pretty Good Privacy, O'Reilly & Associates, Inc. 

which includes a small drawer 22 that extends from the 1995, pg. 33-59, 355-367. 

PCMCIA card, as indicated in FIG. 2 by the arrow 24, to Because there are likely to be other verification issues 
support the stamp-sized NFC. Other CU formats might surrounding each service element, it is preferred that the 
include custom ASIC, daughter boards, EISA boards, or choice of encryption technique be resolved for each appli- 
motherboard logic. It is also possible for the framework to 60 cation to which the invention is put. Additionally, the NFC 
embrace a software-only CU running on the HS. However, and CU may be provided in various form factors. For 
software's current state of the art finds it very difficult to example, a product may be built in a larger package that 
provide protection for keys, algorithms, and enabling/ allow it to provide more performance, i.e. greater security, 
disabling control. This is possible only when the HS is a very HOST SYSTEM (HS). The HS is identifiable as the 
closed system, for example with ROM only applications. 65 hardware component that delivers secure information tech- 
Even men it would be difficult to control software replication nology services directly to the user. HSs are typically a 
without these constraints. general purpose information technology device and would 
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be produced competitively in a wide open market. Examples Beyond the physical interconnection of the framework's 

include personal digital assistants, personal computers, service elements lies the message exchange between the 

workstations, laptops, palmtops, networked servers, main elements and the actual services provided and requested via 

frames, network printers, or video display units. The tunc- this message exchange. FIG. 3 illustrates the message 

tion of the HS service element in the frameworkis to provide 5 exchange paths, between an NFC 12 and a CU 14 (path 35), 

an Application Programming Interface (API) for accessing between fte cu 14 md ^ HS 16 ^ ath 36) and betwccn ^ 

the CU service element. Preferably, CU support is provided HS 16 md m NSS 18 ^th 37). A virtual connection 38 

as an opUon available on the HS. exists betweefl fee ^ and ^ NSS Messa m protocol 

The HS represents a very large and diverse class of between the HS and the CU along the path 36 are best taken 
urformation technology equipment Although these systems standardLion eff orts (e g.NS^Q^to 
are initially grouped uniformly into a common class, some A „ T 7™ "z , ^ a^tT nnu • 
applications might prefer to break this class down into ^ Ml ^ 0S ?? T s ^\^P\ ™ c u racss ^ n S I***** 
specialized subclasses (e.g. Telecommunications, Banking, betwe f n 4116 CU and . don S me P 8 * 35 15 ^go- 
Trading). The framework allows for this and supports it by mt0 two & 0U P S ] tnmalization protocols, and opera- 
allowing different types of NFCs to be used to identify these ^onal protocols. The initialization protocols must be suc- 
different HS subclasses. 15 cessful before operational protocols are active, 

NETWORK SECURITY SERVER (NSS). The NSS is a The CU<->NFC initialization messaging along the path , 

network node designed and designated to provide trusted 35 can be initiated by either the CU 14 or the NFC 12. 

third party security services. For example, any network 100 CU>NFC Begin initialization sequence 

access, such as via modems 30, 32 over a network 34, must 101 NFOCU Begin initialization sequence 

be authenticated by the NSS. In the context of national 20 102 CU>NFC Identification information? 

security, NSSs are preferably developed, owned, and oper- 103 NFC>CU NFC Identification credentials, one for each 

ated by government agencies. Some of the functions pro- policy supported 

vided by the NSS service element include service element 104 CU>NFC Policy # activation? 

authentication, message stamp authentication, national 105 NFOCU Policy # activation status={in progress} 

policy enforcement, and cryptographic key distribution. The 25 106 CU>NFC Policy # activation? 

importance of the NSS can rise sharply in environments 107 NFC>CU Policy # activation status={ completed} 

where a strong degree of verification is prerequisite to 108 CU>NFC Algorithm # enabler?for 109 opt NFC>CU 

cryptographic use. The NSS also plays a significant role in NSS Authorization for Algorithm #? (Encrypted) 

the interoperability of differing National cryptographic poli- 110 opt CU>HS NSS Authorization for Algorithm #? 

cies. 30 (Encrypted) 

SCOPE OF THE FRAMEWORK. The scope of the 111 opt HS>NSS NSS Authorization for Algorithm #? 

framework is largely defined by the scope of the NFCs. The (Encrypted) 

basic scope of the NFCs is that of a domain. A domain can 112 opt NSS>HS Algorithm # enabler code (Encrypted) 

be as large as worldwide and as small as a business unit. At 113 opt HS>CU Algorithm # enabler code (Encrypted) 

the domain level there is no unique distinction among its 35 114 opt CU>NFC Algorithm # enabler code (Encrypted) for 

members. While this framework primarily focuses on 115 NFOCU Algorithm # enabler code 

National and International domains (e.g. France, Germany, 116 CU>NFC Algorithm # enabled 

United States, United Kingdom, European Commission, 117 CU>NFC Algorithm seed key 

NATO, North America, G7) other domains or sub-domains 118 NFOCU Algorithm seed key 

are also considered. For example, industry domains (e.g. 40 119 opt CU>HS Algorithm # readied by Policy # 

Telecom, Healthcare, Financial Services, Travel), corporate The CU<->NFC operation messaging along the path 35 

domains (e.g. Hewlett-Packard, Ford Motor Company, provides a number of services. 

CitLBank), association domains (e.g. IEEE, ISO, X/Open), 201 CU>NFC Perform Alg # phase # on {data} 

service domains (e.g. Compuserve, America On-Line), and 202 NFOCU Alg # phase # {complete} {data} 

product domains (e.g. Lotus. Microsoft, General Motors, 45 203 CU>NFC Status Request for 204 NFOCU Policy # 

Proctor & Gamble). active, Alg # {enabled}, Alg # {busy} 

Beyond domains and subdomains the scope of the frame- APPLICATION OF THE FRAMEWORK. The invention 

work can optionally be expanded to define uniqueness has various applications. In particular, the framework is 

within a domain. Again it is the NFCs that make this ideally suited for various national security schemes and 

narrower scope possible. Providing uniqueness means 50 operates consistently across a variety of local laws. For 

allowing for the transfer of unique or personal data to be example the framework could be used to support a key 

transferred to the NFC either at the time of purchase or at the escrow policy. Key escrowing is a process where the keys or 

point of initial validation. NFCs are considered anonymous family keys used for cryptography are kept by a third party, 

when dealing at the domain level. When uniqueness is in the national context, typically a government agency. This 

added, NFCs are no longer anonymous. 55 allows the third party to decrypt information when, for 

INTERCONNECT OF FRAMEWORK ELEMENTS. example, a law enforcement agency is required to see the 

The interconnection of service elements (e.g. NFC, CU, HS, contents of an encrypted message. 

NSS) of this framework is accomplished by the adoption of For example if the policy of nation-X requires key escrow, 

standard Application Programming Interfaces (e.g. X/Open, then when nation-X NFCs are put into circulation they 

OSF) and industry standard protocol exchanges (e.g. TCP/ 60 contain a key escrowed by nation-X. Law enforcement 

IP, ISO, DCE, X.509). The interconnection of elements may would be able to use the electronic stamp on a message to 

be synchronous (i.e. on-line), asynchronous (i.e. off-line), determine that the message was encrypted under the policy 

local (e.g. runtime library), remote (e.g. RPC) or any com- of nation-X. It would also be able to determine unique 

bination of these. For example, a policy that involves identification information of the specific NFC used to enable 

personalization of NFCs could perform a one time authori- 65 the CU. If nation-X agrees to cooperate, the escrowed key 

zation function via a NSS making it unnecessary for future for the NFC involved may be obtained to decrypt the 

on-line verification with an NSS until the NFC expires. suspicious message. 
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The actual encryption algorithm used in nation-X may be Another use for the framework is in avoidance of software 

the same encryption algorithm that is used in nation-Z. such piracy. For example, an NFC may be packaged with the 

that when a user from nation-X visits nation-Z it is only software when one buys a software product (e.g. integrated 

necessary to put a NFC from nation-Z into the CU. The into the packages as part of the software manual). To use the 

encryption algorithm in the CU remains the same, but what 5 product, one removes the NFC from the manual, puts it in a 

is governing the use of cryptography is the policy of CUor HS, and may then perform a one-time load (or limited 

nation-Z. For example, the policy of nation-Z may require a number of loads) of the software onto a system The 

trap door, such that the government of nation-Z is able to framework may also be used to protect software because the 

take a back door into the users system to read the deciphered software is encrypted and may only be decrypted when an 

text. In this case the nation-Z NFC provides a back door 10 NFC that is specific to the software or software manufac- 

rather than an escrowed key to Law enforcement. Several turer is present in the CU. 

such schemes are known in the art and it is a feature of the The framework is especially applicable where a trust 

invention that the framework is readily adapted to accom- factor is required between the users site and a networked 

modate all such schemes as may be implemented in a server. No matter how unreliable intervening systems might 

particular National policy without affecting the basic 15 be, the NFC and NSS are always able to maintain integrity 

hardware, software, or data structures of a user system, with through the communication channel. This is possible 

the exception of the NFC. because the NFC is a tamper-proof piece of hardware that 

Thus, the encryption algorithms in CU may be the same cannot be duplicated outside of the factory that manufac- 

encryption algorithms used everywhere. The NFCs control tured it and the NSS is in a strictly supervised environment 

the use of these encryption algorithms in accordance with 20 It is possible to build upon this NFC/NSS trust model, to 

the local law. Because the NSS is a trusted third party that expand the strength of other session bindings, 

validates proper local use of the framework, it is not possible Another application of the framework involves the use of 

to use cryptography unless a locally accepted NFC is challenge response protocols to validate combinations of the 

installed in the CU. In the example above, even though the framework service elements. For example, before the NFC 

encryption engine operates properly in nation-X, It would 25 begins accessing the NSS for authentication/verification, the 

not operate in nation-Z unless the NFC was replaced with a NFC itself will check out whether it is installed properly and 

nation-Z 1 s NFC. For international communication of if it finds the CU-HS pair to be valid. This would be useful 

encrypted information, (e.g. where an encrypted message is in allowing only certain systems to use a class of NFCs. 

generated in nation-Z and sent to nation-X. The involvement Another application for which the framework is well 

of cryptography far such messages will be independently 30 suited is in connection with an entertainment subscription 

controlled by two NFCs — the X flag card in nation-X and service. The framework is well suited in this environment 

the Z flag card in nation-Z. The invention therefore offers the for the application of renewable cryptography to provide a 

ability to support government policy, whatever that policy fast technique for updating system security on a regular 

may be, and still provide uniform cryptographic services. basis, such that a new usage policy or new encryption 

In addition to the nationalization issues that are illustrated 35 algorithm can be implemented before there is enough time 

above, within a certain nation there may be multiple encryp- to reverse engineer the old method This approach keeps the 

tion policies (e.g. nation-X might have a policy for banking security system one step ahead of pirating. For example, a 

that is more liberal than its policy for manufacturing). subscriber is provided with a personalized NFC with each 

Accordingly, the framework is adapted to operate within month's statement that allows use of a descrambler for one 

each country under several different national policies, or 40 month. The subscription service may also include some 

with several different levels of encryption. For example, just additional NFCs of a promotional value (e.g. an NFC that 

as there are different stamps for first class and priority mail, provides one free hour access to a movie channel), 

the framework may allow for different levels of encryption OPERATING SCENARIO — USERS PERSPECTIVE, 

based on the type of the NFC installed. Tom is a buyer in the U.S. working for Slam International 

It is a feature of the framework that CUs may have the 45 Inc. He has purchased a Hewlett-Packard palmtop [HS] with 

major standard encryption algorithms built-in (e.g. DES, which he intends to send quotation and delivery information 

RSA, DSS, MD5), However, it is also possible to install directly to manufacturing sites worldwide. He will also use 

custom algorithms into the CU providing that the policy in the palmtop to access backlog information directly from 

the governing NFC permits this type of activity. Software regional sales centers while negotiating with customers, 

algorithms can be transferred completely or partially into the 50 Tom's business if very competitive and all this information 

CU from either the NFC or the NSS. Hardware algorithms is considered, shod term, very sensitive. Tom purchased a 

can be added to the CU via the NFC. The actual encryption cryptographic option [CU] with his palmtop so he can 

of a message may involve the NFC, CU, or NSS, or any encrypt and decrypt his messages. However, to activate this 

combination thereof. As soon as the NFC is removed from capability he must install a United States Class V Smart 

the CU these custom algorithms are no longer operation, 55 Stamp [NFC] which he can purchase at a U.S. Post office, 

perhaps not even present, in the CU. Tom's HS-CU-NFC combination is now verified by a FCC- 

Another application of the framework involves the meter- operated Network Authenu'cator [NSS] in Denver via a local 

ing of network access. For example, the so-called "lnfor- GTE cellular service. Tom uses Lotus-Notes on his palmtop 

mation Highway" may end up to be a toll road. In such to send and receive his messages. Lotus-Notes encrypts 

tarrifcd implementations the NFC could provide the ticket 60 Tom's messages prior to transmission and decrypts the 

that must be present to allow communication within the messages after receipt. After 30 days the Class V Smart 

network infrastructure. Thus, one might purchase an NFC Stamp in Tom's palmtop expires and so too does Tom's 

that allows a predetermined number of messages to be sent ability to encrypt and decrypt messages until he purchases a 

over the network. This scheme may be viewed as a form of new Smart Stamp. 

taxation that helps to pay for the network infrastructure if the 65 Every now and then Tom has to leave the U.S. to visit 

network is publicly owned, and as a fee if the network is manufacturing facilities around the world. Tom is able to 

privately owned. take his palmtop in and out of the U.S. with the validated 
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HS-CU-NFC intact. Use of the U.S. policy in non-U.S. 
countries would, however, depend on the political relation- 
ship between that country and the U.S. Public carriers 
transporting messages have the option to accept or deny 
traffic encrypted using another countries cryptographic 5 
policy. The electronic stamp provided by the NFC insures 
that message carriers are able to identify the national policy 
used to encrypt the message. 

OPERATING SCENARIO— GOVERNMENT PER- 
SPECTIVE. Bill is a government agent investigation traf- 1Q 
ricking of contraband, and Tom (from User Perspective 
above) has come under suspicion. After considerable 
investigation, agent Bill suspects that salesman Tom is using 
his palmtop for more than legitimate business and seeks a 
court order to investigate further. Subsequently, salesman 15 
Tom's messages are recorded of the public carrier facilities. 
The messages carry an electronic stamp identifying the 
cryptographic policy used to encrypt the message. Having 
been encrypted using a United States Class V Smart Stamp, 
the U.S. government, after due process, is able to provide 2Q 
agent Bill the keys necessary to decrypt salesman Tom's 
messages for analysis. One additional element of evidence 
also exists that links Tom's palmtops to the source of the 
messages. Because each NFC and its electronic stamp is 
unique, the HS-CU-NFC combination verified by the gov- ^ 
eminent run NSS ties Tom's messages uniquely to the NFC 
in that verified combination. 

Although the invention is described herein with reference 
to the preferred embodiment, one skilled in the art will 
readily appreciate that other applications may be substituted 3Q 
for those set forth herein without departing from the spirit 
and scope of the present invention. Accordingly, the inven- 
tion should only be limited by the Claims included below. 

What is claimed is: 

1. A cryptographic function for an international cryptog- 35 
raphy framework that includes a cryptographic unit, said 
cryptographic function comprising: 

a national flag card for accommodating at least one 
defining parameter of a cryptographic scheme as 
required by a particular national policy without affect- 40 
ing user system hardware, software, or data structures 
beyond anticipated adaptation; 
said cryptographic unit requiring the presence of said 
national flag card to execute said cryptographic function. 

2. The framework of claim 1, further comprising: 45 
a cryptographic unit including a cryptography engine, 

said cryptographic unit adapted to implement said 
cryptographic scheme if and only if said cryptographic 
unit is used in combination with a valid national flag 
card. 50 

3. The framework of claim 2, further comprising: 

a host system adapted to implement an information tech- 
nology application, said host system arranged for com- 
munication with said cryptographic unit and adapted to 
implement said cryptographic scheme if and only if 55 
said host system is used in combination with a cryp- 
tographic unit and a valid national flag card. 

4. The framework of claim 1. further comprising: 

a network security server adapted to provide trusted third 
party services including any of authentication, digital 60 
signature verification, digital authorization certificate 
generation, and authentication of said national flag card 
prior to allowing implementation of said cryptographic 
scheme. 

5. The framework of claim 4, wherein said national flag 65 
card incorporates an electronic stamp that identifies a par- 
ticular national policy; and wherein said network security 



server is a network node that verifies said stamp for message 
handling processes within said network prior to allowing 
implementation of said cryptographic scheme. 

6. The framework of claim 4, wherein said network 
security server is adapted to distribute a cryptography key to 
said national flag card. 

7. The framework of claim 1, wherein said national flag 
card includes user personalization information in each mes- 
sage generated using said cryptographic scheme. 

8. A cryptographic framework for providing uniform 
cryptography that operates consistently and in conformance 
with diverse national policies, comprising: 

a national flag card for accommodating a cryptographic 
scheme as required by a particular national policy 
without affecting user system hardware, software, or 
data structures; 

a cryptographic unit including a cryptography engine, a 
cryptographic unit adapted to implement said crypto- 
graphic scheme; and 

a host system for implementing an information technol- 
ogy application, wherein said host system is in com- 
munication with said cryptographic unit via an appli- 
cation programming interface, and wherein said 
national flag card is installed into said cryptographic 
unit which, in turn, is installed into said host system, 
such that cryptographic functions on said host system 
cannot be executed without a cryptographic unit, which 
in turn requires the presence of a valid national flag 
card. 

9. The framework of claim 8, further comprising: 

a network security server adapted to provide trusted third 
party security services, including verification of any of 
said national flag card, said cryptographic unit, and said 
host system- 
ic The framework of claim 9, wherein said national flag 
card incorporates an electronic stamp that identifies a par- 
ticular national policy; and wherein said network security 
server is a network node that verifies said stamp for message 
handling processes within said network prior to allowing 
implementation of said cryptographic scheme. 

11. The framework of claim 9, wherein said network 
security server is adapted to distribute a cryptography key to 
said national flag card. 

12. The framework of claim 8, wherein said national flag 
card includes user personalization information in each mes- 
sage generated using said cryptographic scheme. 

13. The framework of claim 8 t wherein said cryptographic 
unit is a self-contained PCMCIA card-like unit 

14. The framework of claim 8, wherein said national flag 
card is a tamper-resistant smart card. 

15. The framework of claim 14, wherein said crypto- 
graphic unit is adapted to receive and secure said national 
flag card therein. 

16. The framework of claim 13, wherein said host unit is 
adapted to receive and secure said cryptographic unit 
therein. 

17. The framework of claim 8. wherein said cryptographic 
unit implements a generic encryption engine; and wherein 
said national flag card is adapted to assure that said generic 
cryptographic engine and the use thereof comply with 
national cryptographic policy of the country in which said 
framework is used. 

18. The framework of claim 17, wherein said national flag 
card is adapted to selectively implement at least one addi- 
tional cryptographic engine in combination with said cryp- 
tographic unit 
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19. A cryptography framework, comprising: 
a flag card for accommodating a cryptographic scheme as 

required by a particular application without affecting 
user system hardware, software or data structures; 

a cryptographic unit including a cryptography engine, 
said cryptographic unit adapted to implement said 
cryptographic scheme if and only if said cryptographic 
is used in combination with a valid flag card; and 

a host system for implementing an information technol- 
ogy application, said host system arranged for commu- 
nication with said cryptographic unit and adapted to 
implement said cryptographic scheme if and only if 
said host system is used with combination with a 
cryptographic unit and a valid flag card; 

wherein said flag card implements a selected crypto- 
graphic standard. 

20. The framework of claim 19, further comprising: 
a network security server adapted to provide trusted third 

party authentication of said flag card prior to allowing 20 
implementation of said cryptographic scheme. 

21. The framework of claim 19. wherein said selected 
cryptographic standard may comprise any of a selected 
cryptography algorithm, a selected level of cryptography, a 
national policy, information personalization, system and 25 
network access metering, and renewable cryptography. 

22. A method for providing uniform cryptography that 
operates consistently and in conformance with diverse 
national policies, comprising the steps of: 

providing a national flag card for accommodating a cryp- 30 
tographic scheme as required by a particular national 
policy without affecting user system hardware, 
software, or data structures; 
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operating said national flag card in combination with a 
cryptographic unit including a cryptography engine, 
said cryptographic unit implementing said crypto- 
graphic scheme; and 
implementing an information technology application with 
said host system in communication with said crypto- 
graphic unit via an application programming interface. 

23. The method of claim 22, further comprising the steps 
of: 

installing said national flag card into said cryptographic 
unit; 

installing said cryptographic unit into said host system, 
such that cryptographic functions on said host system 
cannot be executed without a cryptographic unit, which 
in turn requires the presence of a valid national flag 
card. 

24. The method of claim 22, further comprising the step 
of: 

providing a network security server adapted to provide 
trusted third party security services, including verifi- 
cation of any of said national flag card, said crypto- 
graphic unit, and said host system. 

25. The method of claim 22, further comprising the steps 
of: 

incorporating an electronic stamp into said national flag 

card that identifies a particular national policy; and 
verifying said stamp for message handling processes 
within said network prior to allowing implementation 
of said cryptographic scheme with said network secu- 
rity server. 

***** 
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